1. Field of the Invention
The present invention relates to a Network Address Translation (NAT)-supported Distributed Denial of Service (DDOS) attack security device. The device can prevent a DDOS attack in which an attacker or intruder inside a NAT-based network transmits excessive traffic (such as excessive Transmission Control Protocol (TCP) session connection requests or Web-page requests) to a Web server, so that a normal user cannot smoothly receive the Web service from that server. It can further identify a normal user who shares the same public Internet Protocol (IP) address as the attacker, so that the normal user can continue to use the Web service of the Web server normally.
2. Description of the Related Art
In general, with regard to Network Address Translation (NAT) technology, the current Internet address system (IPv4) uses 32-bit addresses, so the number of public Internet Protocol (IP) addresses is limited.
When NAT is used, multiple Personal Computers (PCs) in an internal network can simultaneously use the same public IP address through the NAT device.
NAT technology can also be used to prevent access by fraudulent users originating from external attacks, and for this reason it has been widely adopted in most networks.
If an attacker PC is present in a NAT-based network, however, all normal users who share the same public IP address in that NAT network lose Internet service when the public IP address is blocked because of that one attacker PC.
Nowadays, most DDOS devices rely on an IP-based blocking method to protect a Web server from external attack and to suppress excessive traffic.
When a conventional security device detects TCP connection requests from an IP address exceeding the traffic threshold established for the network, it blocks connections from that IP address for a predetermined period of time, and every user PC behind the same IP address is then unable to use the network service.
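The collateral-damage problem described above can be made concrete with a small simulation. The following is an added example written for this page; it is not code from the patent or from any product it describes, and it does not model the invention's own user-identification mechanism, which this section does not detail. The NAT gateway, the public IP address (taken from the documentation range), the threshold and the traffic timeline are all constructed. The point it shows is that a threshold blocker keyed only on the public source IP cannot tell the attacker's connection requests apart from the normal user's, so once the attacker trips the threshold the normal user's later request is refused as well.

```python
"""Simulate IP-keyed connection-threshold blocking in front of a NAT network.

Added example (not the patent's device). All addresses, thresholds and
traffic below are constructed for illustration.
"""
from collections import defaultdict

BLOCK_SECONDS = 60  # constructed: how long a public IP stays blocked after tripping the threshold


class NatGateway:
    """Maps every internal (private) host to one shared public IP address."""

    def __init__(self, public_ip):
        self.public_ip = public_ip

    def translate(self, private_ip):
        # Every internal host leaves the NAT with the same public source IP;
        # only the rewritten source port differs per connection, so a device on
        # the Web server side has no per-host identity to key on.
        return self.public_ip


class IpThresholdBlocker:
    """Related-art behaviour: count TCP connection requests (SYNs) per source IP
    and block that whole IP for a fixed period once the threshold is exceeded."""

    def __init__(self, threshold, block_seconds=BLOCK_SECONDS):
        self.threshold = threshold
        self.block_seconds = block_seconds
        self.counts = defaultdict(int)   # SYNs seen per public IP (not windowed, for simplicity)
        self.blocked_until = {}          # public IP -> time at which the block expires

    def handle_syn(self, src_ip, now):
        """Return 'accepted' or 'blocked' for one connection request."""
        if self.blocked_until.get(src_ip, -1) > now:
            return "blocked"
        self.counts[src_ip] += 1
        if self.counts[src_ip] > self.threshold:
            self.blocked_until[src_ip] = now + self.block_seconds
            return "blocked"
        return "accepted"


def run_scenario(threshold=10):
    """Replay constructed traffic from one attacker and one normal user behind the same NAT.

    Returns a dict mapping 'attacker' / 'normal' to a list of (time, verdict) tuples.
    """
    nat = NatGateway("203.0.113.10")      # constructed public IP (RFC 5737 documentation range)
    blocker = IpThresholdBlocker(threshold)
    results = {"attacker": [], "normal": []}

    # Constructed timeline: the attacker (10.0.0.2) sends one SYN per second for 20 s;
    # the normal user (10.0.0.3) sends a single request at t=5 and another at t=25.
    events = [(t, "10.0.0.2", "attacker") for t in range(20)]
    events += [(5, "10.0.0.3", "normal"), (25, "10.0.0.3", "normal")]
    events.sort()

    for t, private_ip, who in events:
        # The blocker only ever sees the translated (public) address.
        verdict = blocker.handle_syn(nat.translate(private_ip), t)
        results[who].append((t, verdict))
    return results


def normal_user_blocked_count(results):
    """How many of the normal user's own requests were refused (collateral damage)."""
    return sum(1 for _, verdict in results["normal"] if verdict == "blocked")


if __name__ == "__main__":
    res = run_scenario()
    for who, log in res.items():
        accepted = sum(1 for _, v in log if v == "accepted")
        print(f"{who}: {accepted} accepted, {len(log) - accepted} blocked")
    print("normal user requests blocked:", normal_user_blocked_count(res))
```

With the constructed timeline the attacker's eleventh request (at t=9) trips the threshold of 10 and the shared public IP is blocked for 60 seconds; the normal user's first request at t=5 is accepted, but the second one at t=25 is blocked even though that user has sent only two requests in total.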